PEAP MSCHAPv2 - Novell eDir

Josh Howlett josh.howlett at bristol.ac.uk
Wed Jul 26 15:00:31 CEST 2006


Hi Catriona,

If this is for the JRS, you can also get support (from me or Alan  
Buxey, who is also on this list!) from service at ukerna.ac.uk.

Anyway, could you please post the ldap { } section in radiusd.conf?  
(please obfuscate any passwords, etc).

josh.

On 26 Jul 2006, at 13:47, O'Connell Catriona wrote:

> Dear All,
>
> I'm trying (and failing) to implement 802.1x using WPA2 between an XP PC
> and the AP, PEAP and MSCHAPv2 with FreeRadius 1.1.0.  The backend is a
> Novell LDAP server running eDirectory with Universal Passwords enabled.
> I've set up the ldap module following the instructions from Novell (
> www.novell.com/documentation/edir_radius/pdfdoc/radadmin/radadmin.pdf )
> except for the post-auth section as FR complains about the lack of a
> post-auth method in ldap.  Another difference is that the LDAP server is
> running on 636/tcp only, so I added the port=636 to the ldap config and
> commented-out the start_tls option.
>
> I've been working on this for weeks and not getting very far - so any
> insight would be appreciated.
>
> Thank you
>
> Catriona
>
> Debug follows:
>
>
> [root at auth1 raddb]# /usr/sbin/tcpdump -i eth0 -w /home/cczcso/cap-060726C -s 1500 &
> [1] 18467
> [root at auth1 raddb]# tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
>
> [root at auth1 raddb]# /etc/init.d/radiusd xstart
> Starting RADIUS server: Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /etc/raddb/clients.conf
> Config:   including file: /etc/raddb/snmp.conf
> Config:   including file: /etc/raddb/eap.conf
> Config:   including file: /etc/raddb/sql.conf
>  main: prefix = "/usr"
>  main: localstatedir = "/var"
>  main: logdir = "/var/log/radius"
>  main: libdir = "/usr/lib"
>  main: radacctdir = "/var/log/radius/radacct"
>  main: hostname_lookups = no
>  main: max_request_time = 30
>  main: cleanup_delay = 5
>  main: max_requests = 1024
>  main: delete_blocked_requests = 0
>  main: port = 1812
>  main: allow_core_dumps = no
>  main: log_stripped_names = no
>  main: log_file = "/var/log/radius/radius.log"
>  main: log_auth = yes
>  main: log_auth_badpass = yes
>  main: log_auth_goodpass = yes
>  main: pidfile = "/var/run/radiusd/radiusd.pid"
>  main: user = "(null)"
>  main: group = "(null)"
>  main: usercollide = no
>  main: lower_user = "no"
>  main: lower_pass = "no"
>  main: nospace_user = "no"
>  main: nospace_pass = "no"
>  main: checkrad = "/usr/sbin/checkrad"
>  main: proxy_requests = no
>  security: max_attributes = 200
>  security: reject_delay = 1
>  security: status_server = no
>  main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/lib
> Module: Loaded exec
>  exec: wait = yes
>  exec: program = "(null)"
>  exec: input_pairs = "request"
>  exec: output_pairs = "(null)"
>  exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
>  pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
>  mschap: use_mppe = yes
>  mschap: require_encryption = yes
>  mschap: require_strong = yes
>  mschap: with_ntdomain_hack = no
>  mschap: passwd = "(null)"
>  mschap: authtype = "MS-CHAP"
>  mschap: ntlm_auth = "(null)"
> Module: Instantiated mschap (mschap)
> Module: Loaded System
>  unix: cache = no
>  unix: passwd = "(null)"
>  unix: shadow = "(null)"
>  unix: group = "(null)"
>  unix: radwtmp = "/var/log/radius/radwtmp"
>  unix: usegroup = no
>  unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded LDAP
>  ldap: server = "ldapsvr.nottingham.ac.uk"
>  ldap: port = 636
>  ldap: net_timeout = 1
>  ldap: timeout = 4
>  ldap: timelimit = 3
>  ldap: identity = "cn=RADIUSadmin,o=university"
>  ldap: tls_mode = no
>  ldap: start_tls = no
>  ldap: tls_cacertfile = "/etc/raddb/certs/UONLDAP-CA-SelfSignedCert.b64"
>  ldap: tls_cacertdir = "(null)"
>  ldap: tls_certfile = "(null)"
>  ldap: tls_keyfile = "(null)"
>  ldap: tls_randfile = "(null)"
>  ldap: tls_require_cert = "demand"
>  ldap: password = "whatever"
>  ldap: basedn = "o=university"
>  ldap: filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
>  ldap: base_filter = "(objectclass=radiusprofile)"
>  ldap: default_profile = "(null)"
>  ldap: profile_attribute = "(null)"
>  ldap: password_header = "(null)"
>  ldap: password_attribute = "nspmPassword"
>  ldap: access_attr = "(null)"
>  ldap: groupname_attribute = "cn"
>  ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
>  ldap: groupmembership_attribute = "(null)"
>  ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
>  ldap: ldap_debug = 0
>  ldap: ldap_connections_number = 5
>  ldap: compare_check_items = no
>  ldap: access_attr_used_for_allow = yes
>  ldap: do_xlat = yes
>  ldap: set_auth_type = yes
> rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> rlm_ldap: Registering ldap_xlat with xlat_name ldap
> rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
> rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> conns: 0x95bce58
> Module: Instantiated ldap (ldap)
> Module: Loaded eap
>  eap: default_eap_type = "peap"
>  eap: timer_expire = 60
>  eap: ignore_unknown_eap_types = no
>  eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
>  gtc: challenge = "Password: "
>  gtc: auth_type = "PAP"
> rlm_eap: Loaded and initialized type gtc
>  tls: rsa_key_exchange = no
>  tls: dh_key_exchange = yes
>  tls: rsa_key_length = 512
>  tls: dh_key_length = 512
>  tls: verify_depth = 0
>  tls: CA_path = "(null)"
>  tls: pem_file_type = yes
>  tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
>  tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
>  tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
>  tls: private_key_password = "whatever"
>  tls: dh_file = "/etc/raddb/certs/dh"
>  tls: random_file = "/etc/raddb/certs/random"
>  tls: fragment_size = 1024
>  tls: include_length = yes
>  tls: check_crl = no
>  tls: check_cert_cn = "(null)"
> rlm_eap_tls: Loading the certificate file as a chain
> rlm_eap: Loaded and initialized type tls
>  peap: default_eap_type = "mschapv2"
>  peap: copy_request_to_tunnel = no
>  peap: use_tunneled_reply = no
>  peap: proxy_tunneled_request_as_eap = yes
> rlm_eap: Loaded and initialized type peap
>  mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
>  preprocess: huntgroups = "/etc/raddb/huntgroups"
>  preprocess: hints = "/etc/raddb/hints"
>  preprocess: with_ascend_hack = no
>  preprocess: ascend_channels_per_line = 23
>  preprocess: with_ntdomain_hack = no
>  preprocess: with_specialix_jetstream_hack = no
>  preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
>  realm: format = "suffix"
>  realm: delimiter = "@"
>  realm: ignore_default = no
>  realm: ignore_null = no
> Module: Instantiated realm (suffix)
> Module: Loaded files
>  files: usersfile = "/etc/raddb/users"
>  files: acctusersfile = "/etc/raddb/acct_users"
>  files: preproxy_usersfile = "/etc/raddb/preproxy_users"
>  files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
>  acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
>  detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>  detail: detailperm = 384
>  detail: dirperm = 493
>  detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
>  radutmp: filename = "/var/log/radius/radutmp"
>  radutmp: username = "%{User-Name}"
>  radutmp: case_sensitive = yes
>  radutmp: check_with_nas = yes
>  radutmp: perm = 384
>  radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Ready to process requests.
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=17, length=129
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0xd0706757be777867d17441eca5dd4bf4
>         EAP-Message = 0x0202000b0163637a63736f
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: EAP packet type response id 2 length 11
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 0
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ldapsvr.nottingham.ac.uk:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /etc/raddb/certs/UONLDAP-CA-SelfSignedCert.b64
> rlm_ldap: setting TLS Require Cert to demand
> rlm_ldap: bind as cn=RADIUSadmin,o=university/whatever to ldapsvr.nottingham.ac.uk:636
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: leaving group authorize (returns updated) for request 0
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns handled for request 0
> modcall: leaving group authenticate (returns handled) for request 0
> Sending Access-Challenge of id 17 to 128.243.13.34 port 1645
>         EAP-Message = 0x010300061920
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x5339d02618b5ac497127a65bc432c74c
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=18,
> length=216
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x3e27b9c3e604609dce42e692bf464d05
>         EAP-Message =
> 0x0203005019800000004616030100410100003d030144c75f3bb06cf457b7ba71b2f3 
> b0
> bd4697d0d2eaa9dce8139e7abf0458b6beb800001600040005000a0009006400620003 
> 00
> 060013001200630100
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         State = 0x5339d02618b5ac497127a65bc432c74c
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
>   modcall[authorize]: module "preprocess" returns ok for request 1
>   modcall[authorize]: module "chap" returns noop for request 1
>   modcall[authorize]: module "mschap" returns noop for request 1
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 1
>   rlm_eap: EAP packet type response id 3 length 80
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 1
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 1
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 1
> modcall: leaving group authorize (returns updated) for request 1
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls:  Length Included
>   eaptls_verify returned 11
>     (other): before/accept initialization
>     TLS_accept: before/accept initialization
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
>     TLS_accept: SSLv3 read client hello A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>     TLS_accept: SSLv3 write server hello A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
>     TLS_accept: SSLv3 write certificate A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>     TLS_accept: SSLv3 write server done A
>     TLS_accept: SSLv3 flush data
>     TLS_accept:error in SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
>   eaptls_process returned 13
>   rlm_eap_peap: EAPTLS_HANDLED
>   modcall[authenticate]: module "eap" returns handled for request 1
> modcall: leaving group authenticate (returns handled) for request 1
> Sending Access-Challenge of id 18 to 128.243.13.34 port 1645
>         EAP-Message =
> 0x0104040a19c0000006f1160301004a02000046030144c75f2365aa56fbe7b62c4833 
> a8
> 5f417734b7267e596c569e9d715092a68c64200c45484fd5036f705cd8766788cecf9d 
> 49
> 1b5b5272b17fe58e400cb36aab85e400040016030106940b00069000068d0002cd3082 
> 02
> c930820232a003020102020102300d06092a864886f70d010104050030819f310b3009 
> 06
> 03550406130243413111300f0603550408130850726f76696e63653112301006035504 
> 07
> 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31 
> 12
> 3010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74 
> 20
> 6365
>         EAP-Message =
> 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e744065 
> 78
> 616d706c652e636f6d301e170d3034303132353133323631305a170d30353031323431 
> 33
> 323631305a30819b310b30090603550406130243413111300f0603550408130850726f 
> 76
> 696e63653112301006035504071309536f6d65204369747931153013060355040a130c 
> 4f
> 7267616e697a6174696f6e31123010060355040b13096c6f63616c686f737431193017 
> 06
> 035504031310526f6f74206365727469666963617465311f301d06092a864886f70d01 
> 09
> 011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101 
> 05
> 0003
>         EAP-Message =
> 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8 
> 43
> 4a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae 
> 66
> 16aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc 
> 87
> 73999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f302030100 
> 01
> a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d 
> 01
> 01040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06f 
> b6
> f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07 
> e8
> 0d09
>         EAP-Message =
> 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911 
> c5
> 0e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b630 
> 82
> 031fa003020102020100300d06092a864886f70d010104050030819f310b3009060355 
> 04
> 06130243413111300f0603550408130850726f76696e63653112301006035504071309 
> 53
> 6f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 
> 06
> 0355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 
> 72
> 74696669636174653121301f06092a864886f70d0109011612636c69656e7440657861 
> 6d
> 706c
>         EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x16022638546c0923e554e322141c18e6
> Finished request 1
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=19,
> length=142
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x0b97ecc096b8bff8904d170c175cb5e2
>         EAP-Message = 0x020400061900
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         State = 0x16022638546c0923e554e322141c18e6
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
>   modcall[authorize]: module "preprocess" returns ok for request 2
>   modcall[authorize]: module "chap" returns noop for request 2
>   modcall[authorize]: module "mschap" returns noop for request 2
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 2
>   rlm_eap: EAP packet type response id 4 length 6
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 2
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 2
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 2
> modcall: leaving group authorize (returns updated) for request 2
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 2
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake fragment handler
>   eaptls_verify returned 1
>   eaptls_process returned 13
>   rlm_eap_peap: EAPTLS_HANDLED
>   modcall[authenticate]: module "eap" returns handled for request 2
> modcall: leaving group authenticate (returns handled) for request 2
> Sending Access-Challenge of id 19 to 128.243.13.34 port 1645
>         EAP-Message =
> 0x010502f71900170d3036303132343133323630375a30819f310b3009060355040613 
> 02
> 43413111300f0603550408130850726f76696e63653112301006035504071309536f6d 
> 65
> 204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355 
> 04
> 0b13096c6f63616c686f7374311b301906035504031312436c69656e74206365727469 
> 66
> 69636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c 
> 65
> 2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5 
> b1
> 9724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb9 
> 9b
> 41e8
>         EAP-Message =
> 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b1 
> 33
> 249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b4 
> 32
> 50ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e04 
> 16
> 041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081 
> c1
> 801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b3009 
> 06
> 03550406130243413111300f0603550408130850726f76696e63653112301006035504 
> 07
> 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31 
> 12
> 3010
>         EAP-Message =
> 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420 
> 63
> 657274696669636174653121301f06092a864886f70d0109011612636c69656e744065 
> 78
> 616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f7 
> 0d
> 01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d1 
> 2f
> 834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f7722 
> 9b
> a2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff65 
> 8c
> e1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e 
> 00
> 0000
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x003c807d75b594d1d3a3764f50db43ee
> Finished request 2
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=20,
> length=328
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x386e9fe0b194cff5133667db11769877
>         EAP-Message =
> 0x020500c01980000000b61603010086100000820080ce17e21fa5ccc64be10321a18d 
> df
> e63c313ac2f0fac6319ae17ba1f0892ae98044e434ceb3e2a01e6f1df50d132c9fced2 
> 84
> 9f5a940057f566e9cfd5243977f65622eafffe1286b523ccb2d680d40bfb67fadd54cb 
> b8
> ea8f9a524c171cda0e7342db3ce1f43621bebf7b02f64a237c7cc8b23be172a1059d16 
> 0d
> bf95228a33a31403010001011603010020cd956a90839d44b1128f0801654f9e12fc3b 
> 09
> 5a13c11f773e96ad83fa6aa41a
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         State = 0x003c807d75b594d1d3a3764f50db43ee
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 3
>   modcall[authorize]: module "preprocess" returns ok for request 3
>   modcall[authorize]: module "chap" returns noop for request 3
>   modcall[authorize]: module "mschap" returns noop for request 3
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 3
>   rlm_eap: EAP packet type response id 5 length 192
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 3
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 3
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 3
> modcall: leaving group authorize (returns updated) for request 3
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 3
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls:  Length Included
>   eaptls_verify returned 11
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
>     TLS_accept: SSLv3 read client key exchange A
>   rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>     TLS_accept: SSLv3 read finished A
>   rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>     TLS_accept: SSLv3 write change cipher spec A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>     TLS_accept: SSLv3 write finished A
>     TLS_accept: SSLv3 flush data
>     (other): SSL negotiation finished successfully
> SSL Connection Established
>   eaptls_process returned 13
>   rlm_eap_peap: EAPTLS_HANDLED
>   modcall[authenticate]: module "eap" returns handled for request 3
> modcall: leaving group authenticate (returns handled) for request 3
> Sending Access-Challenge of id 20 to 128.243.13.34 port 1645
>         EAP-Message =
> 0x01060031190014030100010116030100205132f431789957801f761cb082af90ea11 
> 7e
> e618d6758c089f3c676bd11bc6ab
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x3551305d8ad2486511fb677041e42e4f
> Finished request 3
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=21,
> length=142
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x12bfd77ad4cc09a26e11efbe17ae8386
>         EAP-Message = 0x020600061900
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         State = 0x3551305d8ad2486511fb677041e42e4f
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 4
>   modcall[authorize]: module "preprocess" returns ok for request 4
>   modcall[authorize]: module "chap" returns noop for request 4
>   modcall[authorize]: module "mschap" returns noop for request 4
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 4
>   rlm_eap: EAP packet type response id 6 length 6
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 4
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 4
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 4
> modcall: leaving group authorize (returns updated) for request 4
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 4
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake is finished
>   eaptls_verify returned 3
>   eaptls_process returned 3
>   rlm_eap_peap: EAPTLS_SUCCESS
>   modcall[authenticate]: module "eap" returns handled for request 4
> modcall: leaving group authenticate (returns handled) for request 4
> Sending Access-Challenge of id 21 to 128.243.13.34 port 1645
>         EAP-Message =
> 0x0107002019001703010015a41d21eff28d2b8ea55f15286a0485105e6db05cc1
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xf974be77c72057cac6c9bcf66345781b
> Finished request 4
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=22, length=170
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x8cc82c03422303bc20988737f61faea4
>         EAP-Message =
> 0x02070022190017030100171f16bf5f905bfc5a54363ffe6ce1edadaae940f63ef6d3
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         State = 0xf974be77c72057cac6c9bcf66345781b
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 5
>   modcall[authorize]: module "preprocess" returns ok for request 5
>   modcall[authorize]: module "chap" returns noop for request 5
>   modcall[authorize]: module "mschap" returns noop for request 5
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 5
>   rlm_eap: EAP packet type response id 7 length 34
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 5
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 5
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 5
> modcall: leaving group authorize (returns updated) for request 5
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 5
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: Identity - cczcso
>   rlm_eap_peap: Tunneled data is valid.
>   PEAP: Got tunneled identity of cczcso
>   PEAP: Setting default EAP type for tunneled EAP session.
>   PEAP: Setting User-Name to cczcso
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 5
>   modcall[authorize]: module "preprocess" returns ok for request 5
>   modcall[authorize]: module "chap" returns noop for request 5
>   modcall[authorize]: module "mschap" returns noop for request 5
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 5
>   rlm_eap: EAP packet type response id 7 length 11
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 5
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 5
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 5
> modcall: leaving group authorize (returns updated) for request 5
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 5
>   rlm_eap: EAP Identity
>   rlm_eap: processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
>   modcall[authenticate]: module "eap" returns handled for request 5
> modcall: leaving group authenticate (returns handled) for request 5
>   PEAP: Got tunneled Access-Challenge
>   modcall[authenticate]: module "eap" returns handled for request 5
> modcall: leaving group authenticate (returns handled) for request 5
> Sending Access-Challenge of id 22 to 128.243.13.34 port 1645
>         EAP-Message =
> 0x010800371900170301002c425f072e04a68daf256cd58d8f78c61a98c231ea9be68a 
> 8c
> 0cbe76d9e607a02bbbe49a87e659e9488a03e65c
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xae01d72cb0cea1c7bed6cdea14272854
> Finished request 5
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=23, length=224
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0xa9321ffd596a6d141423b960921d1ebb
>         EAP-Message =
> 0x020800581900170301004dd973feec5317e088d2254f0464a2110e785d4a6cf778cd 
> ff
> 15b78e5dd5e6390188de26cc3f85eb6234321fef4fad4f458c16a903ce9e00b5d59642 
> 0d
> d3441ede8a37dadc12ee5f89f6783afbd5
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         State = 0xae01d72cb0cea1c7bed6cdea14272854
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 6
>   modcall[authorize]: module "preprocess" returns ok for request 6
>   modcall[authorize]: module "chap" returns noop for request 6
>   modcall[authorize]: module "mschap" returns noop for request 6
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 6
>   rlm_eap: EAP packet type response id 8 length 88
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 6
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 6
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 6
> modcall: leaving group authorize (returns updated) for request 6
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 6
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: EAP type mschapv2
>   rlm_eap_peap: Tunneled data is valid.
>   PEAP: Setting User-Name to cczcso
>   PEAP: Adding old state with 1d b5
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 6
>   modcall[authorize]: module "preprocess" returns ok for request 6
>   modcall[authorize]: module "chap" returns noop for request 6
>   modcall[authorize]: module "mschap" returns noop for request 6
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 6
>   rlm_eap: EAP packet type response id 8 length 65
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 6
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 6
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 6
> modcall: leaving group authorize (returns updated) for request 6
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 6
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/mschapv2
>   rlm_eap: processing type mschapv2
>   Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 6
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for cczcso with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>   modcall[authenticate]: module "mschap" returns reject for request 6
> modcall: leaving group MS-CHAP (returns reject) for request 6
>   rlm_eap: Freeing handler
>   modcall[authenticate]: module "eap" returns reject for request 6
> modcall: leaving group authenticate (returns reject) for request 6
> auth: Failed to validate the user.
> Login incorrect: [cczcso/<no User-Password attribute>] (from client localhost port 0)
>   PEAP: Tunneled authentication was rejected.
>   rlm_eap_peap: FAILURE
>   modcall[authenticate]: module "eap" returns handled for request 6
> modcall: leaving group authenticate (returns handled) for request 6
> Sending Access-Challenge of id 23 to 128.243.13.34 port 1645
>         EAP-Message =
> 0x010900261900170301001b5ada41d28aca4a6d445ce8eaa7cffbf59279004b730026 
> 3d
> d1b9e4
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xa79166509f9ba349827c1a4ae8dde2ff
> Finished request 6
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=24, length=174
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x129315f3cf5436eb5c4b7df7c0accd58
>         EAP-Message =
> 0x020900261900170301001bb7ac1518a6af85f83b33e44c264e1e37ef2ecb78c90968 
> 33
> e5044c
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 260
>         State = 0xa79166509f9ba349827c1a4ae8dde2ff
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 7
>   modcall[authorize]: module "preprocess" returns ok for request 7
>   modcall[authorize]: module "chap" returns noop for request 7
>   modcall[authorize]: module "mschap" returns noop for request 7
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 7
>   rlm_eap: EAP packet type response id 9 length 38
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 7
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 7
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 7
> modcall: leaving group authorize (returns updated) for request 7
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 7
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: Received EAP-TLV response.
>   rlm_eap_peap: Tunneled data is valid.
>   rlm_eap_peap:  Had sent TLV failure, rejecting.
>  rlm_eap: Handler failed in EAP/peap
>   rlm_eap: Failed in EAP select
>   modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: leaving group authenticate (returns invalid) for request 7
> auth: Failed to validate the user.
> Login incorrect: [cczcso/<no User-Password attribute>] (from client test-ap port 260 cli 000e.35db.4af2)
> Delaying request 7 for 1 seconds
> Finished request 7
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 24 to 128.243.13.34 port 1645
>         EAP-Message = 0x04090004
>         Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 3 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 17 with timestamp 44c75f23
> Cleaning up request 1 ID 18 with timestamp 44c75f23
> Cleaning up request 2 ID 19 with timestamp 44c75f23
> Cleaning up request 3 ID 20 with timestamp 44c75f23
> Cleaning up request 4 ID 21 with timestamp 44c75f23
> Cleaning up request 5 ID 22 with timestamp 44c75f23
> Cleaning up request 6 ID 23 with timestamp 44c75f23
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 7 ID 24 with timestamp 44c75f24
> Nothing to do.  Sleeping until we see a request.
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=25, length=129
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x2a953d446c13615ce39859363d22e5f3
>         EAP-Message = 0x0202000b0163637a63736f
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 8
>   modcall[authorize]: module "preprocess" returns ok for request 8
>   modcall[authorize]: module "chap" returns noop for request 8
>   modcall[authorize]: module "mschap" returns noop for request 8
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 8
>   rlm_eap: EAP packet type response id 2 length 11
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 8
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 8
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 8
> modcall: leaving group authorize (returns updated) for request 8
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 8
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns handled for request 8
> modcall: leaving group authenticate (returns handled) for request 8
> Sending Access-Challenge of id 25 to 128.243.13.34 port 1645
>         EAP-Message = 0x010300061920
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x6be438890312338382f240a3328c1142
> Finished request 8
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=26, length=216
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x3ac5f06a25dadfb787bc6ca98f32ad4a
>         EAP-Message =
> 0x0203005019800000004616030100410100003d030144c75f4677da152e555b5327d8 
> 8d
> 4686dd4b5ffded75b3529e02a8b3b340899000001600040005000a0009006400620003 
> 00
> 060013001200630100
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         State = 0x6be438890312338382f240a3328c1142
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 9
>   modcall[authorize]: module "preprocess" returns ok for request 9
>   modcall[authorize]: module "chap" returns noop for request 9
>   modcall[authorize]: module "mschap" returns noop for request 9
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 9
>   rlm_eap: EAP packet type response id 3 length 80
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 9
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 9
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 9
> modcall: leaving group authorize (returns updated) for request 9
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 9
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls:  Length Included
>   eaptls_verify returned 11
>     (other): before/accept initialization
>     TLS_accept: before/accept initialization
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
>     TLS_accept: SSLv3 read client hello A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>     TLS_accept: SSLv3 write server hello A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
>     TLS_accept: SSLv3 write certificate A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>     TLS_accept: SSLv3 write server done A
>     TLS_accept: SSLv3 flush data
>     TLS_accept:error in SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
>   eaptls_process returned 13
>   rlm_eap_peap: EAPTLS_HANDLED
>   modcall[authenticate]: module "eap" returns handled for request 9
> modcall: leaving group authenticate (returns handled) for request 9
> Sending Access-Challenge of id 26 to 128.243.13.34 port 1645
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x3a965ec092c72beff1469ffd09d88e68
> Finished request 9
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=27, length=142
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x4c609b88a50310f9d020cde848c00788
>         EAP-Message = 0x020400061900
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         State = 0x3a965ec092c72beff1469ffd09d88e68
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 10
>   modcall[authorize]: module "preprocess" returns ok for request 10
>   modcall[authorize]: module "chap" returns noop for request 10
>   modcall[authorize]: module "mschap" returns noop for request 10
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 10
>   rlm_eap: EAP packet type response id 4 length 6
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 10
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 10
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 10
> modcall: leaving group authorize (returns updated) for request 10
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 10
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake fragment handler
>   eaptls_verify returned 1
>   eaptls_process returned 13
>   rlm_eap_peap: EAPTLS_HANDLED
>   modcall[authenticate]: module "eap" returns handled for request 10
> modcall: leaving group authenticate (returns handled) for request 10
> Sending Access-Challenge of id 27 to 128.243.13.34 port 1645
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x96427b04732b210a418a7d7805daa0a8
> Finished request 10
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=28, length=328
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0xbfc4cb26790fa85bab4681d5c15681b5
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         State = 0x96427b04732b210a418a7d7805daa0a8
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 11
>   modcall[authorize]: module "preprocess" returns ok for request 11
>   modcall[authorize]: module "chap" returns noop for request 11
>   modcall[authorize]: module "mschap" returns noop for request 11
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 11
>   rlm_eap: EAP packet type response id 5 length 192
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 11
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 11
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 11
> modcall: leaving group authorize (returns updated) for request 11
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 11
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls:  Length Included
>   eaptls_verify returned 11
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
>     TLS_accept: SSLv3 read client key exchange A
>   rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>     TLS_accept: SSLv3 read finished A
>   rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>     TLS_accept: SSLv3 write change cipher spec A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>     TLS_accept: SSLv3 write finished A
>     TLS_accept: SSLv3 flush data
>     (other): SSL negotiation finished successfully
> SSL Connection Established
>   eaptls_process returned 13
>   rlm_eap_peap: EAPTLS_HANDLED
>   modcall[authenticate]: module "eap" returns handled for request 11
> modcall: leaving group authenticate (returns handled) for request 11
> Sending Access-Challenge of id 28 to 128.243.13.34 port 1645
>         EAP-Message = 0x010600311900140301000101160301002062b94b2b608b9cfb729e0c11cc95b437a0ff224a09b728c2869a49b3306976f3
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xe62eae39a8cb1c18e047e8c800b367e4
> Finished request 11
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=29, length=142
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x017a1b8bcfb94b9b2efb603960809fa1
>         EAP-Message = 0x020600061900
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         State = 0xe62eae39a8cb1c18e047e8c800b367e4
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 12
>   modcall[authorize]: module "preprocess" returns ok for request 12
>   modcall[authorize]: module "chap" returns noop for request 12
>   modcall[authorize]: module "mschap" returns noop for request 12
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 12
>   rlm_eap: EAP packet type response id 6 length 6
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 12
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 12
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 12
> modcall: leaving group authorize (returns updated) for request 12
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 12
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake is finished
>   eaptls_verify returned 3
>   eaptls_process returned 3
>   rlm_eap_peap: EAPTLS_SUCCESS
>   modcall[authenticate]: module "eap" returns handled for request 12
> modcall: leaving group authenticate (returns handled) for request 12
> Sending Access-Challenge of id 29 to 128.243.13.34 port 1645
>         EAP-Message = 0x01070020190017030100154c54223ffd2f906a49347b28a7591ff425eecf2cc1
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xd5b96209e22a855ea27b52d6b089c1c5
> Finished request 12
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=30, length=170
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0xc685fe88f7e03a2d48e0d2e91bba2b09
>         EAP-Message = 0x0207002219001703010017067de3143498c00b85aac542de549ba3bc1bf4d4c43292
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         State = 0xd5b96209e22a855ea27b52d6b089c1c5
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 13
>   modcall[authorize]: module "preprocess" returns ok for request 13
>   modcall[authorize]: module "chap" returns noop for request 13
>   modcall[authorize]: module "mschap" returns noop for request 13
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 13
>   rlm_eap: EAP packet type response id 7 length 34
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 13
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 13
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 13
> modcall: leaving group authorize (returns updated) for request 13
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 13
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: Identity - cczcso
>   rlm_eap_peap: Tunneled data is valid.
>   PEAP: Got tunneled identity of cczcso
>   PEAP: Setting default EAP type for tunneled EAP session.
>   PEAP: Setting User-Name to cczcso
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 13
>   modcall[authorize]: module "preprocess" returns ok for request 13
>   modcall[authorize]: module "chap" returns noop for request 13
>   modcall[authorize]: module "mschap" returns noop for request 13
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 13
>   rlm_eap: EAP packet type response id 7 length 11
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 13
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 13
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 13
> modcall: leaving group authorize (returns updated) for request 13
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 13
>   rlm_eap: EAP Identity
>   rlm_eap: processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
>   modcall[authenticate]: module "eap" returns handled for request 13
> modcall: leaving group authenticate (returns handled) for request 13
>   PEAP: Got tunneled Access-Challenge
>   modcall[authenticate]: module "eap" returns handled for request 13
> modcall: leaving group authenticate (returns handled) for request 13
> Sending Access-Challenge of id 30 to 128.243.13.34 port 1645
>         EAP-Message = 0x010800371900170301002cb7e8f0985faf7283b7a6dd0103c5353ffbf4173e90216cc0294f5ae33eaa66fb2bb5d132fc6d7a84e39b0a94
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xff9e8c0d2d0b71350dd1cfb728fbc396
> Finished request 13
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=31, length=224
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x1358a7490c3e86a7df72b072df117bf6
>         EAP-Message = 0x020800581900170301004d86b0e046e14db36638b52e8ecb6ba3a04cf2b6d1b549d1e833754da4a44e97d2bd022fd87a45d504058b41d8402ffd1fdf36c38ab27708fc8a8f9545faa72a1121414c31d8f654d31f7ec7a27b
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         State = 0xff9e8c0d2d0b71350dd1cfb728fbc396
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 14
>   modcall[authorize]: module "preprocess" returns ok for request 14
>   modcall[authorize]: module "chap" returns noop for request 14
>   modcall[authorize]: module "mschap" returns noop for request 14
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 14
>   rlm_eap: EAP packet type response id 8 length 88
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 14
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 14
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 14
> modcall: leaving group authorize (returns updated) for request 14
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 14
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: EAP type mschapv2
>   rlm_eap_peap: Tunneled data is valid.
>   PEAP: Setting User-Name to cczcso
>   PEAP: Adding old state with b0 75
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 14
>   modcall[authorize]: module "preprocess" returns ok for request 14
>   modcall[authorize]: module "chap" returns noop for request 14
>   modcall[authorize]: module "mschap" returns noop for request 14
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 14
>   rlm_eap: EAP packet type response id 8 length 65
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 14
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 14
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 14
> modcall: leaving group authorize (returns updated) for request 14
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 14
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/mschapv2
>   rlm_eap: processing type mschapv2
>   Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 14
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for cczcso with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>   modcall[authenticate]: module "mschap" returns reject for request 14
> modcall: leaving group MS-CHAP (returns reject) for request 14
>   rlm_eap: Freeing handler
>   modcall[authenticate]: module "eap" returns reject for request 14
> modcall: leaving group authenticate (returns reject) for request 14
> auth: Failed to validate the user.
> Login incorrect: [cczcso/<no User-Password attribute>] (from client localhost port 0)
>   PEAP: Tunneled authentication was rejected.
>   rlm_eap_peap: FAILURE
>   modcall[authenticate]: module "eap" returns handled for request 14
> modcall: leaving group authenticate (returns handled) for request 14
> Sending Access-Challenge of id 31 to 128.243.13.34 port 1645
>         EAP-Message = 0x010900261900170301001b713226eed13f53fc1ca06e097ca77ce773dd3cb6b59c7caabcb553
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xde94aaf9d23667a65f8dec50d6365580
> Finished request 14
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 128.243.13.34:1645, id=32, length=174
>         User-Name = "cczcso"
>         Framed-MTU = 1400
>         Called-Station-Id = "0011.9335.1210"
>         Calling-Station-Id = "000e.35db.4af2"
>         Service-Type = Login-User
>         Message-Authenticator = 0x179a4da59d173a630bebe38ac5a08d1c
>         EAP-Message = 0x020900261900170301001b73248026aad62299e34b48cae67e6146cf758f688ea6a9e5b54add
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 261
>         State = 0xde94aaf9d23667a65f8dec50d6365580
>         NAS-IP-Address = 128.243.13.34
>         NAS-Identifier = "tmp-ap"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 15
>   modcall[authorize]: module "preprocess" returns ok for request 15
>   modcall[authorize]: module "chap" returns noop for request 15
>   modcall[authorize]: module "mschap" returns noop for request 15
>     rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 15
>   rlm_eap: EAP packet type response id 9 length 38
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 15
>     users: Matched entry DEFAULT at line 215
>   modcall[authorize]: module "files" returns ok for request 15
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cczcso
> radius_xlat:  '(cn=cczcso)'
> radius_xlat:  'o=university'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=university, with filter (cn=cczcso)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cczcso authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 15
> modcall: leaving group authorize (returns updated) for request 15
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 15
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: Received EAP-TLV response.
>   rlm_eap_peap: Tunneled data is valid.
>   rlm_eap_peap:  Had sent TLV failure, rejecting.
>  rlm_eap: Handler failed in EAP/peap
>   rlm_eap: Failed in EAP select
>   modcall[authenticate]: module "eap" returns invalid for request 15
> modcall: leaving group authenticate (returns invalid) for request 15
> auth: Failed to validate the user.
> Login incorrect: [cczcso/<no User-Password attribute>] (from client test-ap port 261 cli 000e.35db.4af2)
> Delaying request 15 for 1 seconds
> Finished request 15
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 32 to 128.243.13.34 port 1645
>         EAP-Message = 0x04090004
>         Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 3 seconds...
> --- Walking the entire request list ---
> Cleaning up request 8 ID 25 with timestamp 44c75f2e
> Cleaning up request 9 ID 26 with timestamp 44c75f2e
> Cleaning up request 10 ID 27 with timestamp 44c75f2e
> Cleaning up request 11 ID 28 with timestamp 44c75f2e
> Cleaning up request 12 ID 29 with timestamp 44c75f2e
> Cleaning up request 13 ID 30 with timestamp 44c75f2e
> Cleaning up request 14 ID 31 with timestamp 44c75f2e
> Waking up in 1 seconds...
>
> Catriona O'Connell
> Network Security Analyst
> Network Team, Information Services,
> The University of Nottingham, Cripps Computing Centre, University Park,
> Nottingham, NG7 2RD
>
> Tel: 0115 8467710

Josh Howlett, Networking Specialist, University of Bristol.
email: josh.howlett at bristol.ac.uk | phone: +44 (0)7867 907076 | internal: 7850
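
Added example (not part of the original thread and not FreeRADIUS code): a small triage script for quoted `radiusd -X` output like the log above. It strips the `> ` mail quoting, rejoins soft-wrapped lines, and reports each module that returned reject, fail, invalid or userlock together with the `rlm_*` diagnostics logged just before it; the function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample modeled on the quoted `radiusd -X` output: it keeps the
# "> " mail quoting and one soft-wrapped line (the line ending in a space).
SAMPLE = "\n".join([
    '> modcall: entering group authorize for request 14',
    '>   modcall[authorize]: module "ldap" returns ok for request 14',
    '> modcall: leaving group authorize (returns updated) for request 14',
    '> modcall: entering group MS-CHAP for request 14',
    '>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.',
    '>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform  ',
    '> authentication.',
    '>   modcall[authenticate]: module "mschap" returns reject for request 14',
    '> modcall: leaving group MS-CHAP (returns reject) for request 14',
    '>   PEAP: Tunneled authentication was rejected.',
    '>   modcall[authenticate]: module "eap" returns handled for request 14',
    '> modcall: entering group authenticate for request 15',
    '>   rlm_eap_peap:  Had sent TLV failure, rejecting.',
    '>   modcall[authenticate]: module "eap" returns invalid for request 15',
])

ENTER = re.compile(r'modcall: entering group (\S+) for request (\d+)')
RETURN = re.compile(r'modcall\[\w+\]: module "(\w+)" returns (\w+) for request (\d+)')
DIAG = re.compile(r'(rlm_\w+):\s+(.*(?:FAILED|Cannot|rejecting).*)')
# Module return codes that end or derail authentication.
BAD = {"reject", "fail", "invalid", "userlock"}


def unquote(text):
    """Strip '> ' quoting and rejoin soft breaks (a line ending in a space)."""
    out, carry = [], ""
    for raw in text.splitlines():
        line = re.sub(r'^(?:> ?)+', '', raw)
        if line.endswith(" "):
            carry += line          # soft-wrapped: the next line continues it
        else:
            out.append(carry + line)
            carry = ""
    if carry:
        out.append(carry)
    return out


def triage(text):
    """Return one finding per failing module, in log order."""
    findings, diags, group = [], [], None
    for line in unquote(text):
        if m := ENTER.search(line):
            group, diags = m.group(1), []
        elif m := DIAG.search(line):
            diags.append((m.group(1), m.group(2).strip()))
        elif (m := RETURN.search(line)) and m.group(2) in BAD:
            module, result, req = m.group(1), m.group(2), int(m.group(3))
            # Keep only diagnostics logged by this module (rlm_<module>...).
            reasons = [msg for src, msg in diags if src.startswith("rlm_" + module)]
            findings.append({"request": req, "group": group, "module": module,
                             "result": result, "reasons": reasons})
            diags = []
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["request"], f["group"], f["module"], f["result"], f["reasons"])
```

On the log in this thread the first finding is the `mschap` reject inside the PEAP tunnel at request 14, one round trip before the Access-Reject is sent for request 15.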
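
Added example (not from the thread or the FreeRADIUS source): a decoder for the `EAP-Message` hex strings in the debug output, showing the EAP header, the PEAP/EAP-TLS flag byte and the TLS record headers carried inside. The three input values are copied from the quoted log; the function name `decode_eap` is hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert",
               22: "Handshake", 23: "ApplicationData"}
EAP_TYPE_PEAP = 25

# Values taken from the quoted debug output above.
ACCESS_REJECT_EAP = "0x04090004"
CLIENT_ACK = "0x020600061900"
TUNNELED_REQUEST = "0x01070020190017030100154c54223ffd2f906a49347b28a7591ff425eecf2cc1"


def decode_eap(hexstr):
    """Decode one EAP-Message value as printed in the debug output."""
    data = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        # Typical cause: a hex value that was line-wrapped or cut when pasted.
        raise ValueError(f"EAP length {length} but {len(data)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5:
        return pkt                      # Success/Failure carry no type field
    pkt["type"] = data[4]
    if data[4] != EAP_TYPE_PEAP or length < 6:
        return pkt
    flags = data[5]
    pkt["flags"] = {"L": bool(flags & 0x80),   # TLS Message Length included
                    "M": bool(flags & 0x40),   # more fragments follow
                    "S": bool(flags & 0x20)}   # start of the TLS exchange
    off = 6 + (4 if flags & 0x80 else 0)
    # The record walk is only meaningful for unfragmented messages such as
    # the ones used here; a continuation fragment starts mid-record.
    records = []
    while off + 5 <= length:
        ctype, version, rlen = struct.unpack("!BHH", data[off:off + 5])
        records.append((TLS_RECORDS.get(ctype, ctype), hex(version), rlen))
        off += 5 + rlen
    pkt["tls_records"] = records
    return pkt


if __name__ == "__main__":
    for value in (ACCESS_REJECT_EAP, CLIENT_ACK, TUNNELED_REQUEST):
        print(decode_eap(value))
```

An empty `tls_records` list with all flags clear is the client's bare acknowledgement, and an `ApplicationData` record means the payload is already inside the encrypted PEAP tunnel and cannot be read from the log.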